ERDDAP - Set Up Your Own ERDDAP

ERDDAP
Easier access to scientific data

Brought to you by NOAA NMFS SWFSC ERD

And see the related document Working with the datasets.xml File

ERDDAP is an all-open source, all-Java (servlet), web application that runs in a web application server
(for example, Tomcat). This web page is mostly for people ("ERDDAP administrators") who want to set up
their own ERDDAP installation at their own web site.

Why use ERDDAP to distribute your data?

Because the small effort to setup ERDDAP brings many benefits.

If you already have a web service for distributing your data,
you can set up ERDDAP to access your data via the existing service.
Or, you can set up ERDDAP to access your data directly from local files.
For each dataset, you only have to write a small chunk of XML to tell ERDDAP how to access the dataset.
Once you have ERDDAP serving your data, end users can:
- Request the data in various ways (DAP, WMS, and more in the future).
- Get the response in various file formats. (That's probably the biggest reason!)
- Make graphs and maps. (Everyone likes pretty pictures.)

How To Do the Initial Setup of ERDDAP on Your Server

ERDDAP should run on any server that supports Java and Tomcat (and perhaps other application servers).
ERDDAP has been tested on Linux, Mac, and Windows computers.
Type "java -version" from your server's command line to make sure you have Java (JRE or JDK)
version 1.5 update 11 (or higher) or version 1.6 update 1 (or higher) installed.
Instructions for installing Java on Linux are here.
Set up Tomcat (or some other application server) on your server.
Below, the Tomcat directory will be referred to as <tomcat> .
Warning! If you already have a Tomcat running some other web application (especially THREDDS),
we recommend that you install ERDDAP in a second Tomcat, because ERDDAP may need different settings
and shouldn't have to contend with other applications for memory.
- On Linux, add "export JAVA_HOME=YourJavaDirectory" to the top of <tomcat>/bin/startup.sh .
  On Mac and Windows, you probably don't need to set JAVA_HOME.
- On Linux and Mac, add "export JAVA_OPTS='-Djava.awt.headless=true -Xmx1500M' "
  to the top of <tomcat>/bin/startup.sh .
  On Windows, right click on the Tomcat Manager icon in the system tray;
  select "Configure : Java";
  set "Maximum Memory Pool" to 1500 (or less if just for testing?) and
  (optional) add "-verbose:gc" to the list of Java Options.
  The Xmx memory setting is important because, ERDDAP can run out of memory.
  The more physical memory in the server the better: 4+ GB is really good
  (extra is used for swap space, which is useful), 2 GB is okay, less is not recommended.
  Even with abundant physical memory, Tomcat/Java won't run if you try to set -Xmx much above 1500M.
  If your server has less than 2GB of memory, reduce the -Xmx value (in 'M'egaBytes)
  to 1/2 of the physical memory.
  Optional: You can add "-verbose:gc" to the JAVA_OPTS. It tells Java to send Java garbage collection
  information to <tomcat>/logs/catalina.out (or some other Tomcat log file)
  which is useful if your ERDDAP has memory problems.
- Fonts for images: On Linux and Windows, download BitstreamVeraSans.zip and unzip it into
  <JAVA_HOME>/jre/lib/fonts so Java can find the fonts.
  Installing these fonts isn't required, but we prefer these free fonts to the standard Linux/Java fonts.
  On Mac (or Linux and Windows if you don't install these fonts),
  you need to change the fontFamily setting in setup.xml to <fontFamily>SansSerif</fontFamily> .
  Remember: if/when you later upgrade to a newer version of Java, you need to reinstall these fonts.
- On Linux, Tomcat is often set up as belonging to user "tomcat".
  From the parent of the tomcat directory, type chown -R tomcat apache-tomcat-6.0.20
  Then, the startup.sh and shutdown.sh scripts should be run as user "tomcat" so that Tomcat has
  permission to write to its log files.
- Test your Tomcat installation.
  - Linux:
    Run <tomcat>/bin/startup.sh
    View your URL + ":8080/" in your browser (e.g., http://coastwatch.pfeg.noaa.gov:8080/).
    You should see the Tomcat "Congratulations" page. If not, see the log files in <tomcat>/logs.
  - Mac (run Tomcat as su):
    Run sudo <tomcat>/bin/startup.sh
    View your URL + ":8080/" in your browser (e.g., http://coastwatch.pfeg.noaa.gov:8080/).
    You should see the Tomcat "Congratulations" page. If not, see the log files in <tomcat>/logs.
  - Windows localhost: Right click on the Tomcat icon in the system tray, and choose "Start service".
    View http://127.0.0.1:8080/ in your browser.
    You should see the Tomcat "Congratulations" page. If not, see the log files in <tomcat>/logs.
- Troubles with the Tomcat installation?
  See the old but useful Tomcat installation instructions.
  See the Tomcat web site or search the web for help,
  but please let us know the problems you had and the solutions you found.
On Linux computers, if Tomcat is running in Apache, you need to modify the /etc/httpd/conf/httpd.conf
file to allow HTTP traffic to/from ERDDAP:
1. Uncomment the line <IfModule mod_proxy.c> and the corresponding </IfModule>
2. Within the IfModule directive add the following lines:
  ProxyPass /erddap http://www.YourServer.org:8080/erddap
  ProxyPassReverse /erddap http://www.YourServer.org:8080/erddap
3. Then restart Apache: /usr/sbin/apachectl restart (but sometimes it is in a different directory).
On Linux, Mac, and Windows, download erddapContent.zip and unzip it into <tomcat>,
creating <tomcat>/content/erddap .
- Read the comments in <tomcat>/content/erddap/setup.xml and make the requested changes.
  setup.xml is the file with all of the settings which specify how your ERDDAP behaves.
- Read the comments in Working with the datasets.xml File, then modify the XML in
  <tomcat>/content/erddap/datasets.xml to specify all of the datasets you want your ERDDAP to serve.
After you edit the .xml files, it is a good idea to verify that the result is well-formed XML
by pasting the XML text into an XML checker like RUWF.
On Linux, Mac, and Windows, download erddap.war into <tomcat>/webapps .
Then shutdown and startup Tomcat.
Or, if you use the Tomcat Web Application Manager:
- Download erddap.war into a temporary directory on your computer.
- Use "Select WAR file to upload" to pick the erddap.war file.
- Click on "Deploy".
The .war file is big because it contains high resolution coastline, boundary, and elevation data needed
to create maps.
Hopefully, you can now use a browser to view <YourServer'sURL>/erddap/ and see ERDDAP immediately.
ERDDAP starts up immediately, but without any datasets loaded.
Datasets are loaded in a background thread and so become available one-by-one.

How To Do an Update of an Existing ERDDAP on Your Server

Download erddapContent.zip and unzip it into a temporary directory.
- If you made changes to your previous copy of messages.xml,
  make the same changes to the new messages.xml in the temporary directory.
- Move messages.xml from the temporary directory to be <tomcat>/content/erddap/messages.xml .
- If you made changes to your previous copy of erddap.css or erddapAlt.css,
  make the same changes to the new erddap.css or erddapAlt.css in the temporary directory.
- Move /images/erddap.css from the temporary directory to be <tomcat>/content/erddap/images/erddap.css .
- Move /images/erddapAlt.css from the temporary directory to be <tomcat>/content/erddap/images/erddapAlt.css .
- Keep using your current setup.xml and datasets.xml.
Make the changes listed in Changes in the section entitled "Things ERDDAP Administrators Need to Know and Do"
for all of the ERDDAP versions since the version you were using.
Download erddap.war into a temporary directory.
In Tomcat Manager, "Undeploy" ERDDAP.
In Tomcat Manager, "Deploy" the erddap.war file.

Things You Need To Know

Status Page - You can view the status of your ERDDAP from any browser by going to
<baseUrl>/erddap/status.html
- This page is generated dynamically, so it always has up-to-the-moment statistics for your ERDDAP.
- It includes statistics regarding the number of requests, memory usage, thread stack traces,
  the taskThread, etc.
- Because the Status Page can be viewed by anyone, it doesn't include quite as much information
  as the Daily Report.
log.txt - When you are first installing ERDDAP or any time something isn't working as expected,
it is very useful to look at the diagnostic messages in the ERDDAP log file.
- The log file is the log.txt file in <bigParentDirectory>/logs (as specified in setup.xml).
- When the log.txt files gets to 5 MB, it is renamed log.txt.previous and a new log.txt file is created.
  So log files don't accumulate.
- Whenever you restart ERDDAP, it makes an archive copy of the log.txt and log.txt.previous files with
  a time stamp. If there was trouble before the restart, it may be useful to analyze these archived
  files for clues as to what the trouble was.
- You can delete the archive files if they are no longer needed.
- Types of diagnostic messages in the log file:
  - The word "error" is used when something went so wrong that the procedure failed to complete.
    Although it is annoying to get an error, the error forces you to deal with the problem.
    Our thinking is that it is better to throw an error, than to have ERDDAP hobble along,
    working in a way you didn't expect.
  - The word "warning" is used when something went wrong, but the procedure was able to complete.
    These are pretty rare.
  - Anything else is just an informative message.
    You can control how much information is logged with <logLevel> in setup.xml.
Tomcat Log Files - Tomcat errors are logged to <tomcat>/logs/catalina.(today).log or
<tomcat>/logs/catalina.out.
These are often particularly helpful if ERDDAP won't even start up.
emailLogYEAR-MM-DD.txt - ERDDAP always writes the text of all out-going email messages
in the current day's emailLogYEAR-MM-DD.txt file in <bigParentDirectory>/logs
(as specified in setup.xml).
- If the server can't send out email messages, or if you have configured ERDDAP not to send
  out email messages, or if you are just curious, this file is a convenient way to see
  all of the email messages that have been sent out.
- You can delete previous days' email log files if they are no longer needed.
Daily Report - The Daily Report has lots of useful information -- more than the Status Page.
- It is the most complete summary of your ERDDAP's status.
- Among other statistics, it includes a list of datasets that didn't load and the exceptions
  they generated.
- It is emailed to <emailDailyReportsTo> and <emailEverythingTo> (as specified in
  setup.xml) provided you have set up the email email system (in setup.xml).
- It is also written to the log file.
- It is generated when you start up ERDDAP, just after ERDDAP's first attempt to load all of
  the datasets.
- It is also generated soon after 7 am local time every morning.
Adding/Changing Datasets - ERDDAP usually rereads datasets.xml every <loadDatasetsMinMinutes>
(specified in setup.xml). So you can make changes to datasets.xml any time, even while ERDDAP is running.
A new dataset will be detected soon, usually within <loadDatasetsMinMinutes>.
A changed dataset will be reloaded when it is <reloadEveryNMinutes> old (as specified in datasets.xml).
A Flag File Tells ERDDAP to Try to Reload a Dataset As Soon As Possible
- If a dataset is active in ERDDAP and you want to force ERDDAP to reload it as soon as possible
  (before the dataset's <reloadEveryNMinutes> would cause it to be reloaded),
  put a file in <bigParentDirectory>/flag (as specified in setup.xml) that has the
  same name as the datasetID (as specified in datasets.xml).
- The contents of the flag file are irrelevant.
- ERDDAP continuously looks for flag files.
- When ERDDAP finds a flag file, it deletes the file and tries to reload the dataset very soon
  (usually within seconds).
- Note that when a dataset is reloaded, all files in the bigParentDirectory/cache/datasetID
  directory are deleted.
- Note that if the dataset's xml includes active="false", a flag will cause the dataset to be made inactive
  (if it is active), and in any case, not reloaded.
ERDDAP has a web service so that flags can be set via URLs.
- For example,
  http://coastwatch.pfeg.noaa.gov/erddap/setDatasetFlag.txt?datasetID=rPmelTao&flagKey=123456789
  (that's a fake flagKey) will set a flag for the rPmelTao dataset.
- There is a different flagKey for each datasetID.
- Administrators can see a list of flag URLs for all datasets by looking at the bottom of their
  Daily Report email.
- Administrators should treat these URLs as confidential, since they give someone the right to reset
  a dataset at will.
- If you think the flagKeys have fallen into the hands of someone who is abusing them,
  you can change <flagKeyKey> in setup.xml and restart ERDDAP to force
  ERDDAP to generate and use a different set of flagKeys.
- If you change <flagKeyKey>, remember to send the new URLs to the people who you do want to
  have them.
The flag system can serve as the basis for a more efficient mechanism for telling ERDDAP when to
reload a dataset. For example, you could set a dataset's <reloadEveryNMinutes> to a
large number (e.g., 10080 = 1 week).
Then, when you know the dataset has changed (perhaps because you added a file to the dataset's data
directory), set a flag so that the dataset is reloaded as soon as possible.
This is much more responsive and much more efficient than setting <reloadEveryNMinutes>
to a small number.
Force Dataset Removal - If a dataset is active in ERDDAP, and you want to deactivate it as soon as
possible, add active="false" to the dataset tag and set a flag.
Once the dataset is not active (i.e., not visible in ERDDAP's list of datasets),
you can remove the dataset's description from the datasets.xml file if you want to.
Cached Responses - In general, ERDDAP doesn't cache (store) responses to user requests.
The rationale was that most requests would be slightly different so the cache wouldn't be very effective.
The biggest exceptions are requests for image files
(which are cached since browsers and programs like Google Earth often re-request images)
and requests for .nc files (because they can't be created on-the-fly).
ERDDAP stores each dataset's cached files in a different directory: bigParentDirectory/cache/datasetID
since a single cache directory might have a huge number of files which might become slow to access.
Files are removed from the cache for one of three reasons:
- All files in this cache are deleted when ERDDAP is restarted.
- Periodically, any file more than <cacheMinutes> old (as specified in setup.xml) will be deleted.
  Removing files in the cache based on age (not Least-Recently-Used) ensures that files won't stay
  in the cache very long.
  Although it might seem like a given request should always return the same response, that isn't true.
  For example, a tabledap request which includes &time>someTime will change if
  new data arrives for the dataset.
  And a griddap request which includes [last] for the time dimension will change if new
  data arrives for the dataset.
- Images showing error conditions are cached, but only for a few minutes (it's a difficult situation).
- Every time a dataset is reloaded, all files in that dataset's cache are deleted.
  Because requests may be for the "last" index in a gridded dataset, files in the cache may become
  invalid when a dataset is reloaded.
Stored Dataset Information -
For all types of datasets, ERDDAP gathers lots of information when a dataset is loaded and keeps that
in memory. This allows ERDDAP to respond very quickly to searches, requests for lists of datasets,
and requests for information about a dataset.
For a few types of datasets (notably EDDGridCopy, EDDTableCopy, EDDGridFromXxxFiles, and
EDDTableFromXxxFiles), ERDDAP stores on disk some information about the dataset that is reused
when the dataset is reloaded. This greatly speeds the reloading process.
- The dataset information files are human-readable .json files and are stored in
  <bigParentDirectory>/datasetInfo .
- ERDDAP only deletes these files in unusual situations.
- It shouldn't ever be necessary for you to delete these files because ERDDAP verifies and updates
  the stored information when the dataset is reloaded.
- But if you ever do need to delete these files (why?), you can do it when ERDDAP is running.
  Then set a flag.
- If you want to encourage ERDDAP to update the stored dataset information (for example,
  if you just added, removed, or changed some files to the dataset's data directory),
  use the flag system.
sitemap.xml - As the www.sitemaps.org web site says:
Sitemaps are an easy way for webmasters to inform search engines about pages on their
sites that are available for crawling. In its simplest form, a Sitemap is an XML file that lists
URLs for a site along with additional metadata about each URL (when it was last updated, how
often it usually changes, and how important it is, relative to other URLs in the site) so that
search engines can more intelligently crawl the site.
Web crawlers usually discover pages from links within the site and from other sites. Sitemaps
supplement this data to allow crawlers that support Sitemaps to pick up all URLs in the Sitemap
and learn about those URLs using the associated metadata. Using the Sitemap protocol does not
guarantee that web pages are included in search engines, but provides hints for web crawlers
to do a better job of crawling your site.
Actually, since ERDDAP is RESTful, search engine spiders can easily crawl your ERDDAP.
But they tend to do it more often (daily!) than necessary (monthly?).
- Given that each search engine may be crawling your entire ERDDAP every day,
  this can lead to a lot of unnecessary requests.
- So ERDDAP generates a sitemap.xml file for your ERDDAP which tells search engines
  that your ERDDAP only needs to be crawled every month.
- You should add a refernce to ERDDAP's sitemap.xml to your robots.txt file:
  Sitemap: http://www.yoursite.org/erddap/sitemap.xml
- If that doesn't seem to be getting the message to the crawlers, you can tell the various search
  engines about the sitemap.xml file by visiting these URLs (but change YourInstitution
  to your institution's acronym or abbreviation and www.yoursite.org to your ERDDAP's URL):
  - http://submissions.ask.com/ping?sitemap=http://www.yoursite.org/erddap/sitemap.xml
  - http://www.bing.com/webmaster/ping.aspx?siteMap=http://www.yoursite.org/erddap/sitemap.xml
  - http://www.google.com/ping?sitemap=http://www.yoursite.org/erddap/sitemap.xml
  - http://search.yahooapis.com/SiteExplorerService/V1/updateNotification?appid=YourInstitution_ERDDAP&url=http://www.yoursite.org/erddap/sitemap.xml
  (I think) you just need to ping each search engine once, for all time.
  The search engines will then detect changes to sitemap.xml periodically.
Email Notification of Updates - If you want to receive an email whenever a new version of ERDDAP
is available, send an email to bob dot simons at noaa dot gov requesting this.
Data Dissemination / Data Distribution Networks: Push and Pull Technology
- Normally, ERDDAP acts as an intermediary: it takes a request from a user;
  gets data from a remote data source; reformats the data; and sends it to the user.
- Pull Technology: ERDDAP also has the ability to actively get all of the available data
  from a remote data source and store a local copy of the data.
- Push Technology: By using ERDDAP's subscription services, other data servers can be notified as soon
  as new data is available so that they can request the data (by pulling the data).
- ERDDAP's EDDGridFromErddap and EDDTableFromErddap use ERDDAP's subscription services and
  flag system so that it will be notified immediately when new data is available.
- You can combine these to great effect: if you wrap an EDDGridCopy around an EDDGridFromErddap
  dataset (or wrap an EDDTableCopy around an EDDTableFromErddap dataset),
  ERDDAP will automatically create and maintain a local copy of another ERDDAP's dataset.
- Because the subscription services work as soon as new data is available,
  push technology disseminates data very quickly (within seconds).
This architecture puts each ERDDAP administrator in charge of determining where the data
for his/her ERDDAP comes from.
- Other ERDDAP administrators can do the same. There is no need for coordination between administrators.
- If many ERDDAP administrators link to each other's ERDDAPs, a data distribution network is formed.
- Data will be quickly, efficiently, and automatically disseminated from data sources
  (ERDDAPs and other servers) to data re-distribution sites (ERDDAPs) anywhere in the network.
- A given ERDDAP can be both a source of data for some datasets and a re-distribution site for other
  datasets.
- The resulting network is roughly similar to data distribution networks set up with programs like
  Unidata's IDD/IDM, but less rigidly structured.
Security - By default, ERDDAP runs as an entirely public server (using http) with no login system and no
restrictions to data access. If you want to restrict access to some or all datasets to some users,
you can use ERDDAP's built-in security system. When the security system is in use:
- ERDDAP uses role-based access control. The ERDDAP administrator defines users
  (username, password, and roles information) with <user> tags in datasets.xml.
  And the ERDDAP administrator defines which roles have access to which datasets via an
  <accessibleTo> tag in datasets.xml for any dataset that shouldn't have public access.
- The user's log in status (and a link to log in/out) will be shown at the top of every web page.
  (But a logged in user will appear to ERDDAP to be not logged in if he uses an http URL.)
  If a user tries and fails to log in 3 times, the user is blocked from trying to log in for 15 minutes.
- If a user is not logged in, the user can use http URLs (the default) or https URLs
  (but why? it's less efficient).
  If a user is logged in, the user must use https URLs to continue to be treated as logged in.
  (This helps prevent session hijacking and sidejacking.)
- Anyone who isn't logged in can access and use the public datasets.
  By default, private datasets don't appear in lists of datasets if a user isn't logged in.
  If the administrator has set setup.xml's <listPrivateDatasets> to true, they will appear.
  Attempts to request data from private datasets (if the user knows the URL) will be redirected
  to the login page.
- Anyone who is logged in will be able to see and request data from any public dataset
  and any private dataset to which their role allows them access.
  By default, private datasets to which a user doesn't have access don't appear in lists of datasets.
  If the administrator has set setup.xml's <listPrivateDatasets> to true, they will appear.
  Attempts to request data from private datasets to which the user doesn't have access will be
  redirected to the login page.
- The RSS information for all datasets is always available to anyone.
  (This is not ideal. But RSS readers won't ever log in, so they need access without loggin in.)
  But, since private datasets that aren't accessible aren't advertised,
  their RSS links are not advertised either.
- Email subscriptions can only be set up when a user has access to a dataset.
  Once set up, they continue to function after the user has logged out.
To set up the security system:
- Do the standard ERDDAP initial setup.
- In setup.xml,
  - Add/change the <authenticate> value from nothing to "custom" or "openid".
  - Add/change the <baseHttpsUrl> value.
  - Insert/uncomment &loginInfo; in <startBodyHtml> to display the user's log in/out info
    at the top of each web page.
- Configure tomcat to support SSL (the basis for https connections)
  by creating a keystore with a digital certificate and by modifying <tomcat>/conf/server.xml
  to uncomment the connector for port 8443.
  It is best to get a digital certificate from a certificate authority instead of making a self-signed certificate,
  because it gives your clients more assurance that they are indeed connecting to your ERDDAP,
  not an imposter's website.
  On Windows, Tomcat may have to move .keystore from "c:\Documents and Settings\you\.keystore" to
  "c:\Documents and Settings\Default User\.keystore" or "c:\.keystore"
  (see [tomcat]/logs/catalina.(today).log if the application doesn't load or users can't see the log in
  page).
  You can see when the .keystore certificate will expire by examining the certificate when you log in.
  For additional security, create a signed certificate from a trusted source.
  (Search the web for more information.)
- If Tomcat is running in Apache, you need to modify the /etc/httpd/conf/httpd.conf file to allow HTTP traffic
  to/from ERDDAP:
  To the "VirtualHost" tag, add the lines:
  ProxyPass /erddap <YourServer'sHttpsURL>/erddap
  ProxyPassReverse /erddap <YourServer'sHttpsURL>/erddap
  (This is untested. If you do this and it works or doesn't work, let us know.)
- In datasets.xml, create a <user> tag for each user with username, password, and roles information.
  This is the authorization part of ERDDAP's security system.
- In datasets.xml, add an <accessibleTo> tag to each dataset that shouldn't have public access.
  <accessibleTo> lets you specify which roles have access to that dataset.
- Restart Tomcat.
  Trouble? Check the Tomcat logs.
- CHECK YOUR WORK! Any mistake could lead to a security flaw.
- Check that the login page uses https (not http).
  Attempts to connect via http should be automatically redirected to https and port 8443.
  You may need to work with your network administrator to allow external web requests to access
  port 8443 on your server.
- You can change the <user> and <accessibleTo> tags at any time.
  The changes will be applied at the next regular reload of any dataset,
  or immediately if you use a flag.
- It worked for a few months, now users can't get to the log in page?
  Check the Tomcat logs. Your .keystore certificate may have expired and you may need to make a new one.
  You can see when the .keystore certificate will expire by examining the certificate when you log in.
Authentication (logging in) - Currently, ERDDAP supports Custom and OpenID (recommended) authentication.
We recommend OpenID because it frees you from storing and handling user's passwords.
Remember that users often use the same password at different sites.
So they may be using the same password for your ERDDAP as they do at their bank.
That makes their password very valuable -- much more valuable to the user than the data they are requesting.
So you need to do as much as you can to keep the passwords private. That is a big responsibility.
OpenID takes care of passwords, so you don't have to gather, store, or work with them.
So you are freed from that responsibility.
- "Custom" is ERDDAP's custom system for letting users log in by entering their User Name and
  Password in a form on a web page.
  This is secure because the User Name and Password are transmitted via https (not http),
  but OpenID is better because it frees you from having to handle passwords.
  This approach requires you to collect User Names and Passwords (use your phone! email isn't secure!)
  and store them in datasets.xml in <user> tags.
  This approach uses a cookie on the user's computer, so the user's browser must be set to allow cookies.
  If a user is making ERDDAP requests from a computer program (not a browser), cookies are hard
  to work with. Sorry.
- OpenID is an open standard that lets users log in with your password at one web site
  and then log in without your password at many other web sites, including ERDDAP.
  OpenID is very convenient for ERDDAP administrators -- you don't ever have to deal with passwords.
  All you need is a user's OpenID URL (which is public information)
  so that you can define the users and their roles in datasets.xml with <user> tags.
  OpenID uses a cookie on the user's computer, so the user's browser must be set to allow cookies.
  If a user is making ERDDAP requests from a computer program (not a browser),
  cookies are hard to work with. Sorry.
ERDDAP doesn't support BASIC authentication because:
- BASIC seems geared toward predefined web pages needing secure access or blanket on/off access
  to the whole site, but ERDDAP allows (restricted access) datasets to be added on-the-fly.
- BASIC authentication doesn't offer a way for users to log out!
Secure Data Sources - If a data set is to have restricted access to ERDDAP users,
the data source (from where ERDDAP gets the data) should not be publicly accessible.
So how can ERDDAP get the data for restricted access datasets? Some options are:
- ERDDAP can serve data from local files (for example, via EDDTableFromFiles or EDDGridFromFiles).
- ERDDAP can be in a DMZ and the data source (e.g., an OPeNDAP server or a database) can be
  behind a firewall,
  where it is accessible to ERDDAP but not to the public.
- The data source can be on a public web site, but require a login to get the data.
  The one type of dataset that ERDDAP can log on to access is EDDTableFromDatabase.
  These datasets support (and should always use) user names, passwords, SSL connections,
  and other security measures.
  But in general, currently, ERDDAP can't deal these data sources because it has no
  provisions for logging on to the data source.
  This is the reason why access to EDDGridFromErddap and EDDTableFromErddap datasets
  can't be restricted.
  Currently, the local ERDDAP has no way to login and access the metadata information
  from the remote ERDDAP.
  And putting the remote ERDDAP behind your firewall and removing its dataset's
  accessibleTo restrictions doesn't solve the problem:
  since user requests for EDDXxxFromErddap data need to be redirected to the remote ERDDAP,
  the remote ERDDAP can't be behind a firewall.
Questions? Suggestions? If you have any questions about ERDDAP's security system
or have any questions, doubts, concerns, or suggestions about how it is set up,
please email bob dot simons at noaa dot gov.

Things You Don't Need To Know

These are details that you don't need to know until a need arises.

Setting Up a Second ERDDAP for Testing/Development
If you want to do this, there are two approaches:
1. (Best) Install Tomcat and ERDDAP on a computer other than the computer that has your public ERDDAP.
  If you use your personal computer,
  - Do the installation one step at a time. Get Tomcat up and running first.
  - When Tomcat is running, the Tomcat Manager should be at http://127.0.0.1:8080/manager/html/
  - In ERDDAP's setup.xml, set baseUrl to http://127.0.0.1:8080
  - ERDDAP will be at http://127.0.0.1:8080/erddap
2. (Second Best) Install another Tomcat on the same computer as your public ERDDAP.
  1. Change all of the port numbers associated with the second Tomcat (e.g., change 8080 to 8081)
    (see these directions).
  2. Install ERDDAP in the new Tomcat.
    In the new ERDDAP's setup.xml, set baseUrl to http://www.your.site.name:8081
    You can then access the new ERDDAP via http://www.your.site.name:8081/erddap .
Heavy Loads / Constraints - With heavy use, a standalone ERDDAP may be constrained by various problems.
For more information, see the list of constraints and solutions.
Grids, Clusters, and Federations - Under very heavy use, a single standalone ERDDAP will run into
one or more constraints and even the suggested solutions will be insufficient.
For such situations, ERDDAP has features that make it easy to construct scalable grids
(also called clusters or federations) of ERDDAPs which allow the system to handle very heavy use
(e.g., for a large data center). For more information, see grids, clusters, and federations of ERDDAPs.
Cloud Computing - Several companies are starting to offer cloud computing services
(e.g., Amazon Web Services).
Web hosting companies have offered a range of roughly similar services since the mid-1990's.
You can use these services to set up a grid/cluster of ERDDAPs to handle very heavy use.
For more information, see cloud computing with ERDDAP.
WaitThenTryAgain Exception - In unusual circumstances, a user may get an error message like WaitThenTryAgainException: There was a (temporary?) problem. Wait a minute, then try again. (In a browser, click the Reload button.) Details: GridDataAccessor.increment: partialResults[0]="123542730" was expected to be "123532800".
The explanation is:
For each EDDGrid dataset, ERDDAP keeps the axis variable values in memory.
They are used, for example, to convert requested axis values that use the "()" format into index numbers.
For example, if the axis values are "10, 15, 20, 25", a request for (20)
will be interpreted as a request for index #2 (0-based indices).
When ERDDAP gets a request for data and gets the data from the source,
it verifies that the axis values that it got from the source match the axis values in memory.
Normally, they do.
But sometimes the data source has changed in a significant way:
for example, index values from the beginning of the axis variable may have
been removed (e.g., "10, 15, 20, 25" may have become "20, 25, 30").
If that happens, it is clear that ERDDAP's interpretation of the request (e.g., "(20)" is index #2)
is now wrong. So ERDDAP throws an exception and marks the dataset as needing to be reloaded.
ERDDAP will update the dataset soon (often in a few seconds, usually within a minute).
Other, similar problems also throw the WaitThenTryAgain exception.
Starting with ERDDAP version 1.14, it became much less likely that a user would actually see this error.
Now, when the underlying error occurs, ERDDAP automatically internally tries to reload the dataset
and resubmit the request to the reloaded dataset.
Often this succeeds. When it does, the user will simply see that a given request took a little longer
than usual. If it fails, the user should (as the message says) wait a minute, then try again.
Responding Slowly -
If ERDDAP is responding slowly, view your ERDDAP's Status Page from any browser:
<baseUrl>/erddap/status.html .
It has lots of useful information about memory usage, number of requests, thread usage, etc.
Is recent memory usage really high? Are a large number of threads in use?
And/or you can use the "Server Status" link in the Tomcat Manager
to check on the status of all of the response threads.
Is your network / internet connection running slowly?
There may be other useful diagnostic information in the ERDDAP log or in <tomcat>/logs/catalina.out.
Frozen, Hung, Locked Up - If ERDDAP freezes, hangs, or locks up, you need to restart Tomcat
or perhaps reboot the server. Before you do, if the server uses Linux, from a command line,
1) Type "ps -u <tomcatUser>" (but substitute the name of the user that ran Tomcat).
2) In the ps output, find the processID for the "java" process.
3) Type "kill -3 <processID>" to tell Java (which is running Tomcat) to do a thread dump to
   catalina.out.
4) After you reboot, you can diagnose the problem by finding the thread dump information
   (and any other useful information above it) in <tomcat>/logs/catalina.out and
   also by reading relevant parts of the ERDDAP log archive.
5) Please email that information to bob dot simons at noaa dot gov so we can see what went wrong.
PermGen - If you repeatedly use Tomcat Manager to Reload (or Stop and Start) ERDDAP,
ERDDAP may fail to start up and throw java.lang.OutOfMemoryError: PermGen.
The solution is to periodically (or every time?) shut down and restart Tomcat,
instead of Reloading ERDDAP.
[Update: This problem should be greatly minimized or fixed starting with ERDDAP version 1.24.]
Palettes are used to convert a range of numbers into a range of colors when making graphs and maps.
ERDDAP comes with several pre-made palettes. You can add additional palettes.
ERDDAP's palettes are defined in GMT-style .cpt (Color Palette Table) files.
All ERDDAP .cpt files are valid GMT .cpt files, but the opposite may not be true.
ERDDAP may just support a subset of what GMT supports.
If there is trouble, ERDDAP will probably throw an error when the .cpt file is parsed
(which is better than misusing the information).
ERDDAP requires that all .cpt files be stored in <tomcat>/webapps/erddap/WEB-INF/cptfiles.
To get ERDDAP to use a new .cpt file, store the file in that directory
and modify the <palettes> tag in <tomcat>/content/erddap/messages.xml.
But don't remove any of the standard palettes. They are a standard feature of all ERDDAP installations.
An advantage of this approach is that you can specify the order of the palettes in the list
presented to users.
Every new ERDDAP release will overwrite these changes.
So, for every new ERDDAP release, you need to:
1. Put your .cpt files in <tomcat>/webapps/erddap/WEB-INF/cptfiles
2. Make the changes to <palettes> in messages.xml
3. Restart ERDDAP so ERDDAP re-reads the messages.xml file.
Guidelines for Data Distribution Systems - More general opinions about the design and evaluation
of data distribution systems can be found here.

Programmer's Guide

These are things that only a programmer who intends to work with ERDDAP's Java classes needs to know.

Source Code - The source code for ERDDAP is in the erddap.war file.
ERDDAP has a very liberal, open-source license, so you can use the code for any purpose.
Use the Code for Other Projects
While you are welcome to use parts of the ERDDAP code for other projects, be warned that the code
can and will change.
We don't promise to support other uses of our code.
Our main goal is to make a web application that people can download and use, as is, to distribute data.
For many situations where you might be tempted to use parts of ERDDAP in your project,
we think you will find it much easier to install and use ERDDAP as is,
and then write other services which use ERDDAP's services.
You can set up your own ERDDAP installation crudely in an hour or two.
You can set up your own ERDDAP installation in a polished way in a few days
(depending on the number and complexity of your datasets).
But hacking out parts of ERDDAP for your own project is likely to take weeks
(and months to catch subtleties).
We (obviously) think there are many benefits to using ERDDAP as is and making your ERDDAP
installation publicly accessible.
However, in some circumstances, you might not want to make your ERDDAP installation publicly accessible.
Then, your service can access and use your private ERDDAP and your clients needn't know about ERDDAP.
Half Way - Or, there is another approach which you may find useful
which is half way between delving into ERDDAP's code and using ERDDAP as a stand-alone web service:
In the EDD class, there is a static method which lets you make an instance of a dataset
(based on the specification in datasets.xml): oneFromDatasetXml(String tDatasetID)
It returns an instance of an EDDTable or EDDGrid dataset.
Given that instance, you can call
makeNewFileForDapQuery(String userDapQuery, String dir, String fileName, String fileTypeName)
to tell the instance to make a data file, of a specific fileType, with the results from a user query.
Thus, this is a simple way to use ERDDAP's methods to request data and get a file in response,
just as a client would use the ERDDAP web application.
But this approach works within your Java program and bypasses the need for an application server
like Tomcat.
We use this approach for many of the unit tests of EDDTable and EDDGrid subclasses,
so you can see examples of this in the source code for all of those classes.
Development Environment
- Directory Structure
  - If you are installing ERDDAP in a Tomcat (whether or not you will actually use it that way),
    follow the instructions above.
  - If you aren't installing ERDDAP in a Tomcat, you still need to make a Tomcat-like directory structure,
    so that ERDDAP can find the setup files in [tomcat]/content/erddap .
    - Make a directory somewhere called "tomcat" (it can be something else, but this is easier to explain).
    - As indicated above, unzip erddapContent.zip into <tomcat>, creating <tomcat>/content/erddap .
      Follow the instructions above to modify setup.xml and datasets.xml.
      Depending on your situation, you may need to specify that directory by adding something like
      -DErddapContentDirectory="/someDirectory/content/erddap/"
      to the Java command line for your program.
    - Make a [tomcat]/webapps/erddap directory.
    - .war files are just .zip files that follow a few additional conventions.
      So you can use an unzip program to unzip erddap.war into [tomcat]/webapps/erddap .
      That has all of ERDDAP's .java classes and many other files.
- Our development environment is just a programmer's editor (we're not saying which one).
  (No, we don't use Eclipse, Ant, Maven, or ...; nor do we offer ERDDAP-related support for them.
  If we required you to use Ant and you preferred Maven (or vice versa), you wouldn't be very happy about it.)
- We use a batch file which deletes all of the .class files in the source tree.
- We currently use javac 1.5 to compile gov.noaa.pfel.coastwatch.TestAll
  (it has links to a few classes that wouldn't be compiled otherwise) and java 1.5 to run the tests.
  - When we run javac or java, the current directory is [tomcat]/webapps/erddap/WEB-INF .
    (Actually, for us, for historical reasons, it is "/cwexperimental/", instead of "/erddap/".)
  - Our javac and java classpath (including some unnecessary items) is currently
    ./classes;../../../lib/servlet-api.jar;lib/activation.jar;lib\axis.jar;lib/commons-discovery-0.4.jar;lib/itext-1.3.1.jar;lib/joda-time-1.6.jar;lib/joid.jar;lib/mail.jar;lib/netcdfAll-latest.jar;lib/postgresql-8.4-701.jdbc3.jar;lib\jaxrpc.jar;lib\saaj.jar;lib/slf4j-jdk14.jar;lib/tsik.jar;lib\wsdl4j.jar
  - So your javac command line will be something like
    javac -cp (classpath above) classes/gov/noaa/pfel/coastwatch/TestAll.java
  - And your java command line will be something like
    java -cp (classpath above) -Xmx1500M classes/gov/noaa/pfel/coastwatch/TestAll
    Optional: you can add "-verbose:gc". It tells Java to print garbage collection statistics.
  - If TestAll compiles, everything ERDDAP needs has been compiled.
    Lots of classes are compiled that aren't needed for ERDDAP.
    If compiling TestAll succeeds but doesn't compile some class, that class isn't needed.
    (There are some unfinished/unused classes.)
- We use some 3rd party source code instead of .jar files (notably for SSHTools and Dods)
  and have modified them slightly to avoid problems compiling with Java 1.5.
  We have often made other slight modifications (notably to Dods) for other reasons.
- Most classes have test methods. We run lots of tests via TestAll.
  Unfortunately, many of the tests are specific to our set up. (Sorry.)
Important Classes - If you want to look at the source code and try to figure out how ERDDAP works, please do.
- The code has JavaDoc comments, but the JavaDocs haven't been generated. Feel free to generate them.
- The most important classes (including the ones mentioned below) are within gov/noaa/pfel/erddap.
- The Erddap class has the highest level methods. It extends HttpServlet.
- Erddap passes requests to instances of subclasses of EDDGrid or EDDTable,
  which represent individual datasets.
- EDDGrid and EDDTable subclasses parse the request, get data from subclass-specific methods,
  then format the data for the response.
- EDDGrid subclasses push data into GridDataAccessor (the internal data container for gridded data).
- EDDTable subclasses push data into TableWriter subclasses, which write data to a specific file
  type on-the-fly.
Code Contributions - If you have written some code which would be a nice addition to ERDDAP,
please email bob dot simons at noaa dot gov. We'll work out the details.
The two situations that are most likely are:
1. You want to write another subclass of EDDGrid or EDDTable to handle another data source type.
  If so, we recommend that you find the closest existing subclass and use that code as a starting point.
2. You want to write another saveAsFileType method.
  If so, we recommend that you find the closest existing saveAsFileType method in EDDGrid or EDDTable
  and use that code as a starting point.
Both of these situations have the advantage that the code you write is self-contained.
You won't need to know all the details of ERDDAP's internals.
And it will be easy for us to incorporate your code in ERDDAP.
Note that if you do submit code, the license will need to be as liberal as the ERDDAP license
(although you can hold the copyright to your code and we'll list your contribution in the credits).
Yes, we are considering using SourceForge or some similar system, but haven't set it up yet.

List of Changes

The List of Changes for each ERDDAP release is now on a separate web page.

Credits

ERDDAP is a product of the NOAA NMFS SWFSC ERD.
Roy Mendelssohn initiated and oversees the project.
Bob Simons wrote the ERDDAP-specific code.
The ERDDAP-specific code is licensed as copyrighted open source, with NOAA holding the copyright.
See the ERDDAP license.
ERDDAP uses copyrighted open source, Apache, LGPL, MIT/X, Mozilla, and public domain libraries and data.
ERDDAP does not require any GPL code or commercial programs.
Some of the funding for work on ERDDAP has come from the NOAA CoastWatch program, the NOAA IOOS
program, and the POST program. Thank you all very much.

ERDDAP is a Java Servlet program. At ERD, it runs inside of a Tomcat application server (license: Apache),
with an Apache web server (license: Apache), running on a computer using the Red Hat Linux operating
system (license: GPL).
The data sets are from various sources. See the metadata (in particular the "sourceUrl", "infoUrl",
and "institution") for each dataset.
Data from OPeNDAP servers are read with Java DAP 1.1.7 (license: LGPL).
NetCDF files (.nc) and GMT-style NetCDF files (.grd) are read and written with code in the
NetCDF Java Library (license: LGPL) from Unidata.
The NetCDF Java Library reads GRIB files via the Unidata GRIB decoder (grib-6.0.jar) (license: LGPL).
The NetCDF Java Library reads BUFR files via the Unidata BUFR decoder (bufrTables-1.5.jar)
(license: LGPL).
The NetCDF Java Library requires a logger facade (we chose slf4j-jdk14.jar) from the
Simple Logging Facade for Java project (license: MIT/X).
The NetCDF Java Library uses code from several .jar files from the Apache project: commons-codec,
commons-discovery, commons-httpclient, and commons-logging (license: Apache).
The NetCDF Java Library uses XML processing code from JDOM (license: Apache).
ERDDAP uses json.org's Java-based JSON library to parse JSON data
(license: copyrighted open source).
The graphs and maps are created on-the-fly with a modified version of NOAA's SGT version 3
(a Java-based Scientific Graphics Toolkit written by Donald Denbo at NOAA PMEL)
(license: copyrighted open source).
Big, HTML tooltips on ERDDAP's HTML pages are created with Walter Zorn's wz_tooltip.js
(license: LGPL).
Sliders and the drag and drop feature of the Slide Sorter are created with Walter Zorn's
wz_dragdrop.js (license: LGPL).
The .pdf files are created with iText version 1.3.1 (license: Mozilla), a free Java-PDF library by
Bruno Lowagie and Paulo Soares.
The shoreline, river, and lake data are from GSHHS - A Global Self-consistent, Hierarchical,
High-resolution Shoreline Database (license: GPL) and created by Paul Wessel and Walter Smith.
The political boundary data is from the pscoast program in GMT, which uses data from the
CIA World Data Bank II (license: public domain).
The bathymetry/topography data used in the background of some maps is the
ETOPO2v2g Global 2-Minute Gridded Elevation Data Set (license: public domain),
which is distributed for free by NOAA NGDC.
Emails are sent using code in mail.jar from Oracle's JavaMail API (license: BSD).
JavaMail uses activation.jar from the JavaBeans Activation Framework (license: Oracle Open Source.
For OpenID authentication, ERDDAP uses the joid.jar and tsik.jar libraries from the joid project
from Verisign (license: Apache 2.0).
ERDDAP uses Joda for some calendar calculations. (license: Apache).
For SOAP services, ERDDAP uses:
- axis.jar (license: Apache)
- jaxrpc.jar (license: CDDL v1.0)
- saaj.jar (license: CDDL v1.0)
- wsdl4j.jar (license: Common Public License 1.0)
ERDDAP uses code from the CoastWatch Browser project from the
NOAA CoastWatch West Coast Regional Node (license: copyrighted open source).
That project was initiated and managed by Dave Foley, the Coordinator of the NOAA CoastWatch
West Coast Regional Node.
The CoastWatch Browser code was written by Bob Simons.
The ERDDAP distribution includes code from the J2SSH project which is distributed by SSHTools
(version 0.2.2, which is old (2003) but the most recent available) (license: Apache).
It is based on j2ssh/examples/SftpConnect.java (License: LGPL) which is
Copyright (C) 2002 Lee David Painter (lee@sshtools.com).

License

The ERDDAP-specific code is licensed as copyrighted open source, with NOAA holding the copyright.
The license is:

ERDDAP, Copyright 2010, NOAA.
PERMISSION TO USE, COPY, MODIFY, AND DISTRIBUTE THIS SOFTWARE AND
ITS DOCUMENTATION FOR ANY PURPOSE AND WITHOUT FEE IS HEREBY GRANTED,
PROVIDED THAT THE ABOVE COPYRIGHT NOTICE APPEAR IN ALL COPIES, THAT
BOTH THE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE APPEAR IN
SUPPORTING DOCUMENTATION, AND THAT REDISTRIBUTIONS OF MODIFIED FORMS
OF THE SOURCE OR BINARY CODE CARRY PROMINENT NOTICES STATING THAT THE
ORIGINAL CODE WAS CHANGED AND THE DATE OF THE CHANGE. THIS SOFTWARE
IS PROVIDED "AS IS" WITHOUT EXPRESS OR IMPLIED WARRANTY.

Contact

Questions, comments, suggestions? Please send an email to bob dot simons at noaa dot gov
and include the ERDDAP URL directly related to your question or comment.

ERDDAP, Version 1.24
Disclaimers | Privacy Policy